Black Hat 2017 debut sold out!

Overview:

Xipiter co-authored the Android Hacker's Handbook, a leading text on Android security, reverse engineering, and development. The Practical Android Exploitation course from Xipiter is a comprehensive course that aims to teach all about Android security. Students get hands-on experience with the Android SDK/NDK and related toolchains and use that knowledge to write and analyze exploits and malware on Android. In this course participants will exploit userland and kernel Android vulnerabilities as well as discuss jailbreaks and the various attack surfaces of Android applications. This class aims to be an indispensable training for mobile developers, forensics investigators, software security professionals, pen-testers, and others. In this class participants will:

Analyze real jailbreaks and see how they work

Write exploits against userland AND kernel

Bypass modern protection mechanisms on Android (ASLR, XN, etc.)

Perform Dalvik reverse engineering and learn about the Android NDK

Analyze mobile malware

Perform hardware attacks on mobile devices

Students of "Practical Android Exploitation" will get hands-on experience with the Android SDK/NDK and related toolchains and use that knowledge to write and analyze exploits on Android. This class aims to be an indispensable training for mobile developers, forensics investigators, software security professionals, and others.

Participants of this course will also receive a complimentary copy of "The Android Hacker's Handbook".

Access to the embedded systems (targets), and tools, that comprise the entire class environment

Undoubtedly some Xipiter swag of some kind ;-)

Participant Skillset: Students taking Practical Android Exploitation should have an intermediate software exploitation background on another architecture (such as x86). They should have hands-on familiarity with the following concepts:

Lab: "Stack Overflow XN" Introduces the non-executable stack ("XN") and how to subvert it with Return-to-Text, commonly and inaccurately referred to as "Return-to-LibC", or as we call it: "ROP Lite". Students are stepped through a vulnerability to see how this works step by step. (We come back to the nuances of ROP gadget finding later in the course.)

Lab: "ARM/Android: Got Stagefright?" As an homage to "Android Hacker's Handbook" lead author Joshua Drake (who found the Stagefright vulnerability), participants will exploit a vulnerability in MediaServer (StageFright) when parsing a specific file format (the illusive ".vuln" file format, a fictitious but hand-crafted vulnerability we built into libstagefright).

** Lecture Presentations **

Lab: "First Root: Two CVEs, One Cup" Participants will use two CVEs (CVE-2013-7263 & CVE-2013-6282) to exploit the kernel of Android 4.4.4 and gain privilege escalation to root the Android device.

** Lecture Presentations **

Lab: "Second Root: JNI" Leveraging the NDK and JNI, the participants will build an application to deliver a payload to the target Android device.

Lab: "IntroApp: Hack An App" Participants will use static analysis to perform a "local" attack on a target Android application to obtain sensitive information from another Android app installed on the device.

** Lecture Presentations **

Lab: "Intro to BakSmali" Using BakSmali to decompile, together with dynamic runtime analysis of native code, we will peer "into" the process space of a running Android app to see what data it is transferring in an otherwise un-man-in-the-middle-able encrypted communication with a server.

Lab: "Binder: Spray your way to Success, system_server style!" In this lab participants are going to debug an app and heap spray into system_server in preparation for an actual exploit.

** Lecture Presentations **

Lab Extras: "UART on Android Devices" Participants will learn how to interface with a myriad of Android phones and devices (set top boxes, conferencing equipment, etc.) via UART as well as reverse engineer pinouts of UART interfaces using a logic analyzer.

** Lecture Presentations **

Lab Extra: "Android is Everywhere" Participants will download firmware of a specific piece of VOIP/Video conferencing equipment DIRECTLY from the manufacturer's website, unpack it, disassemble it, find the requisite parts (bootloader, filesystem, etc.), decompile the APKs, and go on a guided tour of the native code and Dalvik code that contain many interesting tidbits ;-)